
2018 | OriginalPaper | Book chapter

Security Challenges in Cyber-Physical Production Systems

Authors: Peter Kieseberg, Edgar Weippl

Published in: Software Quality: Methods and Tools for Better Software and Systems

Publisher: Springer International Publishing


Abstract

Within the last decade, security became a major focus in the traditional IT industry, mainly through the interconnection of systems and especially through the connection to the Internet. This opened up a huge new attack surface, which resulted in major takedowns of legitimate services and new forms of crime and destruction. This led to the development of a multitude of new defense mechanisms and strategies, as well as the establishment of security procedures on both the organizational and the technical level. Production systems have mostly remained in isolation during these past years, with security typically focused on the perimeter. Now, with the introduction of new paradigms like Industry 4.0, this isolation is questioned heavily, with Physical Production Systems (PPSs) now connected to an IT world, resulting in cyber-physical systems that share the attack surface of traditional web-based interfaces while featuring completely different goals, parameters like lifetime and safety, as well as construction. In this work, we present an outline of the major security challenges faced by cyber-physical production systems. While many of these challenges harken back to issues also present in traditional web-based IT, we will thoroughly analyze the differences. Still, many new attack vectors appeared in the past, either in practical attacks like Stuxnet or in theoretical work. These attack vectors use specific features or design elements of cyber-physical systems to their advantage and are unparalleled in traditional IT. Furthermore, many mitigation strategies prevalent in traditional IT systems, e.g., patching, are not applicable in the industrial world, thus rendering traditional strategies in IT security unfeasible. A thorough discussion of the major challenges in CPPS security is thus required in order to focus research on the most important targets.


Metadata
Title
Security Challenges in Cyber-Physical Production Systems
Authors
Peter Kieseberg
Edgar Weippl
Copyright year
2018
DOI
https://doi.org/10.1007/978-3-319-71440-0_1
